On Mar 3, 2004, at 8:57 PM, Meng Weng Wong wrote:
> so suppose domain.com publishes SPF.
> but workstation.domain.com does not.
> right now SPF tells you to publish an SPF record for every single
> subdomain that has either A or MX. but that's yucky.
> but if we add a match_subdomains modifier to domain.com's record, we
> can allow subdomain lookups and the problem is solved!
> what do people think?
>
> domain.com IN TXT "v=spf1 -all match_subdomains=1"

The first concern is how do you know to back down to a 2-deep tld?
most country-specific tlds end up being delegated on the third tier
(e.g. domain.co.uk)
I also assume we would want to respect the deepest domain that has a
valid SPF record? (That makes sense to me).
I would worry about people (spammers) being particularly obnoxious and
addressing messages from:
a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.c.z.x.s.w.f.d.s.f.v.d.domain.com
and making SPF implementations wade backwards through the
subdomains until finding (or not finding) an SPF entry. That's a
whole lot of DNS entries. If you can propose a clean solution to that
problem, I think it is an excellent idea.
Working upwards from the tld may be useful, as it is arguably true that
any delegated domain has control over subdomains and could place
agreeable SPF records there, but you still have the problem of having
to explore all of the above mess if there are no SPF records.
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// Postal Engine -- http://www.postalengine.com/
// Ecelerity: fastest MTA on Earth
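
The lookup walk discussed in this message, as an added Python example that is not part of the original thread or of any SPF implementation. `match_subdomains` is the modifier proposed above, not part of published SPF. The stub zone, the small public-suffix set, the `max_lookups` cap, the function names, and the rule that a non-opted-in parent record ends the search are all assumptions.

```python
# Constructed data: a stub "DNS" of TXT records and a tiny public-suffix set.
PUBLIC_SUFFIXES = {"com", "uk", "co.uk"}
ZONE = {
    "domain.com": "v=spf1 -all match_subdomains=1",
    "domain.co.uk": "v=spf1 -all",          # publishes SPF, does not opt in
}
# Constructed many-label sender name in the spirit of the one in the message.
DEEP = ".".join("abcdefghijklmnopqrstuvwxyz") + ".domain.com"

def candidates(name):
    """Yield name, then each parent, stopping before a public suffix."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        parent = ".".join(labels[i:])
        if parent in PUBLIC_SUFFIXES:
            return                           # never query co.uk, com, ...
        yield parent

def find_spf(name, zone=ZONE, max_lookups=10):
    """Return (owner, record, lookups); the deepest SPF record wins.

    An exact match always applies. A parent's record applies only if it
    carries match_subdomains=1 (assumption: otherwise the search ends).
    The walk gives up once max_lookups queries have been spent.
    """
    lookups = 0
    for depth, cand in enumerate(candidates(name)):
        if lookups >= max_lookups:
            return None, None, lookups       # cap hit: treat as no record
        lookups += 1                         # one TXT query per candidate
        txt = zone.get(cand)
        if txt is None or not txt.startswith("v=spf1"):
            continue
        if depth == 0 or "match_subdomains=1" in txt.split():
            return cand, txt, lookups
        return None, None, lookups           # deepest record did not opt in
    return None, None, lookups

if __name__ == "__main__":
    for sender in ("workstation.domain.com", "host.domain.co.uk", DEEP):
        print(sender, find_spf(sender))
    print("uncapped:", find_spf(DEEP, max_lookups=1000))
```

Without the cap, the 26-label prefix costs one TXT query per level before `domain.com` is reached, which is the per-message cost the reply is concerned about.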